{ "version": "0.1", "generated_at": "2025-11-07T22:40:04Z", "cases": [ { "id": "runc-CVE-2024-21626-symlink-breakout", "primary_axis": "container-escape", "tags": [ "symlink", "filesystem", "userns" ], "languages": [ "binary" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 9.0, "references": [ "cve:CVE-2024-21626" ] }, { "id": "linux-cgroups-CVE-2022-0492-release_agent", "primary_axis": "container-escape", "tags": [ "cgroups", "kernel", "priv-esc" ], "languages": [ "binary" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 9.0, "references": [ "cve:CVE-2022-0492" ] }, { "id": "glibc-CVE-2023-4911-looney-tunables", "primary_axis": "binary-hybrid", "tags": [ "env-vars", "libc", "ldso" ], "languages": [ "c" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2023-4911" ] }, { "id": "curl-CVE-2023-38545-socks5-heap", "primary_axis": "binary-hybrid", "tags": [ "networking", "proxy", "heap" ], "languages": [ "c" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2023-38545" ] }, { "id": "openssl-CVE-2022-3602-x509-name-constraints", "primary_axis": "binary-hybrid", "tags": [ "x509", "parser", "stack-overflow" ], "languages": [ "c" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2022-3602" ] }, { "id": "openssh-CVE-2024-6387-regreSSHion", "primary_axis": "binary-hybrid", "tags": [ "signal-handler", "daemon" ], "languages": [ "c" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2024-6387" ] }, { "id": "redis-CVE-2022-0543-lua-sandbox-escape", "primary_axis": "binary-hybrid", "tags": [ "lua", "sandbox", "rce" ], "languages": [ "c", "lua" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2022-0543" ] }, { "id": "java-log4j-CVE-2021-44228-log4shell", "primary_axis": "lang-jvm", "tags": [ "jndi", "deserialization", "rce" ], "languages": [ "java" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 9.8, "references": [ "cve:CVE-2021-44228" ] }, { "id": "java-spring-CVE-2022-22965-spring4shell", "primary_axis": "lang-jvm", "tags": [ "binding", "reflection", "rce" ], "languages": [ "java" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 9.8, "references": [ "cve:CVE-2022-22965" ] }, { "id": "java-jackson-CVE-2019-12384-polymorphic-deser", "primary_axis": "lang-jvm", "tags": [ "deserialization", "polymorphism" ], "languages": [ "java" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2019-12384" ] }, { "id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset", "primary_axis": "lang-dotnet", "tags": [ "protocol", "http2", "dos" ], "languages": [ "dotnet" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2023-44487" ] }, { "id": "dotnet-newtonsoft-deser-TBD", "primary_axis": "lang-dotnet", "tags": [ "deserialization", "json", "polymorphic" ], "languages": [ "dotnet" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [] }, { "id": "go-ssh-CVE-2020-9283-keyexchange", "primary_axis": "lang-go", "tags": [ "crypto", "handshake" ], "languages": [ "go" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2020-9283" ] }, { "id": "go-gateway-reflection-auth-bypass", "primary_axis": "lang-go", "tags": [ "grpc", "reflection", "authz-gap" ], "languages": [ "go" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [] }, { "id": "node-tar-CVE-2021-37713-path-traversal", "primary_axis": "lang-node", "tags": [ "path-traversal", "archive-extract" ], "languages": [ "node" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2021-37713" ] }, { "id": "node-express-middleware-order-auth-bypass", "primary_axis": "lang-node", "tags": [ "middleware-order", "authz" ], "languages": [ "node" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [] }, { "id": "python-jinja2-CVE-2019-10906-template-injection", "primary_axis": "lang-python", "tags": [ "template-injection" ], "languages": [ "python" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2019-10906" ] }, { "id": "python-django-CVE-2019-19844-sqli-like", "primary_axis": "lang-python", "tags": [ "sqli", "orm" ], "languages": [ "python" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2019-19844" ] }, { "id": "python-urllib3-dos-regex-TBD", "primary_axis": "lang-python", "tags": [ "regex-dos", "parser" ], "languages": [ "python" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [] }, { "id": "php-phpmailer-CVE-2016-10033-rce", "primary_axis": "lang-php", "tags": [ "rce", "email" ], "languages": [ "php" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2016-10033" ] }, { "id": "wordpress-core-CVE-2022-21661-sqli", "primary_axis": "lang-php", "tags": [ "sqli", "core" ], "languages": [ "php" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2022-21661" ] }, { "id": "rails-CVE-2019-5418-file-content-disclosure", "primary_axis": "lang-ruby", "tags": [ "path-traversal", "mime" ], "languages": [ "ruby" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [ "cve:CVE-2019-5418" ] }, { "id": "rust-axum-header-parsing-TBD", "primary_axis": "lang-rust", "tags": [ "parser", "config-sensitive" ], "languages": [ "rust" ], "variants": [ "reachable", "unreachable" ], "severity_cvss": 7.5, "references": [] } ] }